PT-2025-8941 · E Kent · E-Kent Pallium Vehicle Tracking

Name of the Vulnerable Software and Affected Versions: E-Kent Pallium Vehicle Tracking versions prior to 17.10.2024 Description: The issue affects the authentication mechanism of the software, allowing for authentication bypass due to the use of hard-coded credentials and storage of sensitive dat...

Vben-Admin 安全漏洞

Vben-Admin is a Vben admin for Hackerhan Personal Developers. A security vulnerability exists in Vben-Admin version 2.10.1, which stems from hard-coded credentials that lead to unauthorized logins...

E-Kent Pallium Vehicle Tracking 安全漏洞

E-Kent Pallium Vehicle Tracking is a vehicle tracking system from E-Kent. A security vulnerability exists in E-Kent Pallium Vehicle Tracking prior to version 17.10.2024, which stems from improperly stored hard-coded credentials and sensitive data, which could lead to authentication bypass...

SunGrow iSolarCloud 安全漏洞

SunGrow iSolarCloud is an Android app for new energy power plant management from China SunGrow SunGrow. It is used for power plant data collection, monitoring, operation and maintenance and operation management. A security vulnerability exists in SunGrow iSolarCloud version V2.1.6.20241017 and...

Tenda W18E Trust Management Issue Vulnerability

The Tenda W18E is a wireless router from the Chinese company Tenda. The Tenda W18E suffers from a trust management issue vulnerability that stems from the presence of hard-coded credentials, no details of the vulnerability are provided at this time...

CVE-2024-8893

Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co., Ltd. GW1500‑XS allows anyone in physical proximity to the device to fully access the web interface of the inverter via Wi‑Fi.This issue affects GW1500‑XS: 1.1.2.1...

CVE-2024-8893

Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co., Ltd. GW1500‑XS allows anyone in physical proximity to the device to fully access the web interface of the inverter via Wi‑Fi.This issue affects GW1500‑XS: 1.1.2.1...

CVE-2024-8893

Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co., Ltd. GW1500‑XS allows anyone in physical proximity to the device to fully access the web interface of the inverter via Wi‑Fi.This issue affects GW1500‑XS: 1.1.2.1...

CVE-2024-8893

The CVE-2024-8893 issue affects GoodWe GW1500‑XS (firmware version 1.1.2.1). The root cause is hard‑coded credentials, enabling anyone in physical proximity to access the inverter’s web interface over Wi‑Fi. Evidence from PT-2025-6771 and CNNVD-202502-1681, Red Hat, NVD, and CVE records consisten...

IXON IXrouter IX2400 安全漏洞

The IXON IXrouter IX2400 is an industrial router from the Dutch company IXON. A security vulnerability exists in the IXON IXrouter IX2400 version v3.0, which stems from the inclusion of hard-coded root credentials that allow a physically proximate attacker to gain root access via UART or SSH...

PT-2025-6771 · Goodwe Technologies Co. · Gw1500‑Xs

Name of the Vulnerable Software and Affected Versions: GoodWe Technologies Co., Ltd. GW1500‑XS version 1.1.2.1 Description: The issue affects GoodWe Technologies Co., Ltd. GW1500‑XS, allowing anyone in physical proximity to the device to fully access the web interface of the inverter via Wi‑Fi du...

GoodWe GW1500-XS 安全漏洞

The GoodWe GW1500-XS is a photovoltaic inverter from GoodWe China. A security vulnerability exists in the GoodWe GW1500-XS version 1.1.2.1, which stems from hard-coded credentials that allow a physical neighbor attacker to access the device via Wi-Fi...

CVE-2025-26410

The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. T...

CVE-2025-1143

Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of the system...

CVE-2025-26410

The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. T...

CVE-2025-26410 Weak Hard-coded Credentials

The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. T...

CVE-2025-26410 Weak Hard-coded Credentials

The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. T...

CVE-2025-26410

Wattsense Bridge firmware prior to 6.4.1 contains hard-coded user/root credentials; recovered passwords enable login via the serial interface, leading to total compromise. The backdoor user has been removed in firmware BSP >= 6.4.1. Recommended remediation: update Wattsense Bridge firmware to ...

CVE-2025-1143

Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of the system...

CVE-2025-1143 Billion Electric M120N - Use of Hard-coded Credentials

Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of the system...